PrepAway - Latest Free Exam Questions & Answers

which of the following attacks?

If a web application sends HTTP cookies as its method for transmitting session tokens, it
may be vulnerable to which of the following attacks?

A. Parameter tampering Attack

B. SQL injection attack

C. Session Hijacking

D. Cross-site request attack

Explanation:

Reference:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

7 Comments on “which of the following attacks?”

  1. Q  says:

    C. Session Hijacking is the correct answer.
    The attacker can exploit an XSS vulnerability to steal cookies from legitimate users if the “HttpOnly” flag is not set. This kind of attack is known as “Session Hijacking.”

    D. Cross-site request attack is not Cross-site scripting. It is more like CSRF.

  2. tcw says:

    C is the correct answer according to ECSAv10. If HTTP cookies are being used as the transmission mechanism for session tokens and the secure flag is not set, attackers can replay the cookie to gain unauthorized access to the application.

    Attackers can use session cookies to perform session hijacking, session replay, and Man-in-the-Middle attacks.
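
Added example, not part of the original page or its comments: a small Python check for the two cookie flags the comments above mention (Secure and HttpOnly), run over constructed `Set-Cookie` values. The cookie name `SESSIONID`, the sample headers and all function names are assumptions made for illustration.

```python
# Added example: audit Set-Cookie values for the Secure and HttpOnly flags.
SAMPLE_HEADERS = [  # constructed sample data, not from a real application
    "SESSIONID=8f2c1d; Path=/; Secure; HttpOnly",
    "SESSIONID=8f2c1d; Path=/; HttpOnly",
    "SESSIONID=8f2c1d; Path=/; secure",
    "SESSIONID=8f2c1d; Path=/",
    "theme=dark; Path=/",
]

def parse_set_cookie(header):
    """Return (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), attrs

def audit_cookie(header, session_names=("SESSIONID",)):
    """List findings for a session cookie; other cookies return []."""
    name, attrs = parse_set_cookie(header)
    if name not in session_names:
        return []
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plain HTTP, can be captured and replayed")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page script, exposed by XSS")
    return findings

def harden(header):
    """Return the header with any missing Secure/HttpOnly flag appended."""
    _, attrs = parse_set_cookie(header)
    extra = [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]
    return "; ".join([header.rstrip("; ")] + extra)

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for finding in audit_cookie(header) or ["ok"]:
            print("   -", finding)
```

Attribute names are matched case-insensitively, so `secure` and `Secure` are treated the same.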

